2 internet Connection terminated to ASA 5512

Sheik Mohamed
Level 1

Dear all,

I have 2 internet lines (leased line and ADSL line). Now my requirement is an ASA 5512 at the top of the network with IPS. I have 6 VLANs in the core switch.

One VLAN passes internet traffic to the normal ADSL line, and all other VLANs and traffic go to the leased line. Is it possible? It's not failover and it's not primary and secondary.

Our goal: the leased line carries the remaining 5 VLANs; the ADSL line carries only one VLAN, for browsing.

Please give me your valuable thoughts and ideas...


nkarthikeyan
Level 7

Hi Sheik,

ASA doesn't support load balancing or splitting the traffic over two different WAN links. You can make one primary and the other a backup.

HTH

Regards

Karthik

Hi Karthi,

Are you sure? Because the customer needs LAN internet packets going to ADSL.

Servers and other VLAN traffic go to the leased line connection.

Please confirm this scenario; what should I do? If the ASA will not do it, what can we do for this customer requirement?

 

 

Hi Sheik,

As per my knowledge, you cannot achieve it through ASA.

  • Through ASA you cannot do policy-based routing.
  • Even though you can have two default routes enabled, one can be active and the other can be on standby.

This is not possible with your present topology.

HTH

Regards

Karthik

Hi Karthik,

I read a Cisco document, linked below; it states that 9.0 supports PBR:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/ha_cluster.html#pgfId-1943033

Do you have any idea whether the Cisco guide is correct, as there is no sample configuration to refer to?

Thanks.

Loh

Hi,

I went through the command reference for Cisco ASA version 9.x.

http://www.cisco.com/c/en/us/td/docs/security/asa/asa-command-reference/I-R/cmdref2.pdf

There is a route-map option with the ip next-hop feature which can give you the desired result. You can give it a try, because I do not have any lab option for Cisco ASA 9.x version OS to test and confirm for you.

You can try it out.

Regards
Karthik

Also, you need to have dynamic routing in place if you want to use route-maps in ASA... either OSPF or BGP. BGP is available in recent IOS versions... but the ISP routers also need to support the dynamic routing protocols... in your case the ADSL modem will not do as such, I guess... We can try to tweak something to work... but I am not sure and cannot guarantee this...

HTH

Regards

Karthik

Hi Karthi and others,

Please see the attachment; there is only one inside. I need two inside IPs, one going to the leased line and another going to ADSL. Is it possible on 5512 and 5515 firewalls?

Please reply ASAP.

 

Hi Sheik,

Can you confirm whether both your links (leased and ADSL) are terminated on the firewall? Is all the traffic going through the leased line private IPs or unspecified? Have you got a public IP pool with both links?

Also, can you share the firewall configuration with me so that I can suggest a possible solution to achieve what you want? Also share the IP details of each VLAN.

Hi Rahul,

It's an existing setup, but I will purchase a new 5512 firewall with IPS. They have 2 ISPs...

The leased line is already configured on the firewall. Now they have taken an ADSL line for internet browsing.

Leased line only for servers and other VLANs.

ADSL line only for browsing purposes; can we configure it for local users...

I haven't started the work. Just asking a doubt: is it possible or not? But when I contacted one supplier, they said it is possible.

Yes, the leased line is directly connected, but the ADSL connection is in routed mode.

Yes, I have a public IP pool for the leased line. For ADSL, I have not confirmed whether they will get a fixed IP.

Please confirm the ASA 5515-X can support Two Internet Lines routing to two different Vlans (Server, Client).

Hi Sheik,

Yes, you can do this.

In your case, since all your servers will be connected through the leased line and internet through the ADSL link, you can terminate both links on two interfaces of the firewall. All traffic from all your VLANs to the servers will be routed via the leased line (you will need to configure static routes for all the servers' ranges via the leased line and a default route for internet via the ADSL link). You can control internet access for all VLANs through an access-list on the firewall.
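
A configuration sketch of the design described in the reply above, added here as an example and not taken from any poster's firewall. The interface names (`leased`, `adsl`, `inside`), the ACL name and every address are constructed placeholders (RFC 5737 and RFC 1918 ranges), and the sketch assumes the core switch routes the VLANs and that address translation for the ADSL path is handled separately.

```cisco
! Two WAN-facing interfaces, one per link
interface GigabitEthernet0/0
 nameif leased
 security-level 0
 ip address 198.51.100.2 255.255.255.252
!
interface GigabitEthernet0/1
 nameif adsl
 security-level 0
 ip address 203.0.113.2 255.255.255.252
!
! Transit link to the core switch that routes the VLANs
interface GigabitEthernet0/2
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.255.255.252
!
! Server range is reached over the leased line (more specific route wins)
route leased 192.0.2.0 255.255.255.0 198.51.100.1
! Everything else, i.e. internet browsing, leaves via the ADSL router
route adsl 0.0.0.0 0.0.0.0 203.0.113.1
! VLAN subnets live behind the core switch
route inside 10.10.0.0 255.255.0.0 10.0.0.2
!
! All VLANs may reach the servers over the leased line
access-list INSIDE_IN extended permit ip 10.10.0.0 255.255.0.0 192.0.2.0 255.255.255.0
! Only the browsing VLAN (10.10.60.0/24 here) may reach the internet
access-list INSIDE_IN extended permit udp 10.10.60.0 255.255.255.0 any eq domain
access-list INSIDE_IN extended permit tcp 10.10.60.0 255.255.255.0 any eq www
access-list INSIDE_IN extended permit tcp 10.10.60.0 255.255.255.0 any eq https
! Everything else is dropped and logged, so stray internet attempts
! from the other VLANs show up in syslog
access-list INSIDE_IN extended deny ip any any log
access-group INSIDE_IN in interface inside
```

The split here is by destination only: the routing table picks the link, and the access-list decides which source VLANs are allowed to use the default route.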

 
